[v3.0] dhcpcd: DHO_OPTIONSOVERLOADED option related issue (CVE-2014-6060)
As reported by Tobias Stoeckmann:
In function get_option, the DHO_OPTIONSOVERLOADED option checks if there are overloaded options, like bootfile or servername. It tries to make sure that it’s called only once, BUT overwrites that information after receiving a DHO_END. A malicious server could set the option DHO_OPTIONSOVERLOADED yet another time in the bootfile or servername section, which will result in another jump — maybe into the same area.
dhcpcd-4.0.0 through 6.4.2 are vulnerable. dhcpcd-6.4.3 has been released with the above fix.
(from redmine: issue id 3360, created on 2014-09-05, closed on 2014-09-24)
- parent #3356 (closed)
- Revision 037757b2 by Natanael Copa on 2014-09-12T11:25:51Z:
main/dhcpcd: security upgrade to 6.4.3 (CVE-2014-6060) fixes #3360